Protect Your Business: Identity Theft & Disaster Management | Michelle Cornish | Skillshare

Protect Your Business: Identity Theft & Disaster Management

Michelle Cornish, Author & Illustrator - Former Accountant

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
9 Lessons (33m)
    • 1. Introduction

      1:40
    • 2. Identity Theft

      2:32
    • 3. Common Scams

      8:44
    • 4. Email Safety

      4:12
    • 5. Passwords

      3:44
    • 6. Privacy Policies

      4:15
    • 7. Disaster Management Plan

      2:37
    • 8. Your Project

      5:11
    • 9. Thank You

      0:25

About This Class

f74b3819

Do you ever worry about having all your business information online? What if an emergency or natural disaster struck - would your business be wiped out?

In Protect Your Business you will learn about:

  • the information required to steal your identity,
  • common scams and how to avoid them,
  • the number one thing you need to know about email,
  • how to create the best passwords,
  • privacy policies and why you need them, and
  • how to create a disaster management plan.

Join me on this journey to being more vigilant about your personal and business safety!

Transcripts

1. Introduction: hello and welcome to protect your business, where I'll be talking about identity theft and disaster. Manager. I'm Michelle Cornish, your class instructor. I'm an author and illustrator, and you might be wondering why I'm teaching a class on identity theft and disaster management. Well, I used to be a chartered professional accountant, and one of the things that I did as an accountant was volunteer with CPA Canada's financial literacy program. One of the most popular presentations that I did was on identity. Theft is a very important topic, and I want to make sure that you are protecting your self and your business while online. So this course is for you. If you are concerned about conducting business online and how you can best protect yourself , you will learn about common scams and what you can do to prevent them from happening to you . You also discover tips about safe email use and creating optimal passwords, and you'll be ready to recover when disaster strikes. So if your business was to be wiped out in an emergency situation, like a fire or a flood or anything that could potentially have a serious long term negative consequence on your business, you will be ready because we are going to be talking about disaster management plans. So as part of the course, if you're taking this on skill share, you will be doing a class project which will be creating a disaster management plant. So in the next video, I am going to be talking about identity theft, so let's jump right in. 2. Identity Theft: all right, so let's talk about identity theft. I'm sure you've heard about it and what it is. But one thing that surprises a lot of people is the amount of time and money it can take to you get your identity back after it's been stolen. So it's not uncommon for people to spend tens of thousands of dollars in legal fees to get their identity back. And it can actually take years to get your identity back after it's been stolen. So while there are insurances and different protections, you come by to help you out. In the case of identity theft, the number one thing that is going to help you is protecting your identity. So one thing that I would surprised to learn is that people who are looking to steal your identity can do so with only one piece of information, which is your name. But if they have your name plus one of the other things listed on this slide, it makes it that much easier for them to steal your identity. So these are the things you want a guard as much as possible. So your full name, your date of birth, social insurance or Social Security number. Your complete address. Mothers made a name, user names and passwords for websites and later in the class and going to be talking about creating the best passwords so toe offer you the most protection. So that is not easy for people to hack websites that you use. You want to protect your driver's license number, your personal identification numbers. So those are the pins that you would have on your bank account card. Your credit cards. You also want to protect your actual credit card number and bank account numbers your signature as well as your passport number. So how do you go about being vigilant when it comes to this personal information? When you are entering pins in the stores on the keypads, make sure that you are shielding it from other people's view. So, as much as possible, try to block that keypad with your body. When you're signing something, try and again block that with your body so people cannot see your signature and how you write your name. Um, you want to just not give out any information over the phone. A lot of people we'll try to scam you by phoning and asking you what your date of birth is , they might say, Oh, I've got your address. Is this your correct address? Can you confirm that? And then that's the way they trick you into giving them or personal identification. So I will be talking later in the class about common scams. Actually, that's coming right up in the next lesson. So stay tuned for some more advice on common scams to watch out for. 3. Common Scams: Okay, so let's talk about some common scams. I'm sure you're aware of many of them already, but I wanted to make sure that you are aware of scams that target businesses specifically. So the 1st 1 is email phishing, which this is actually targeting individuals as well as businesses. But sometimes businesses get hit even harder, especially if their email is widely available to people. So what email phishing is is where in the email, there are links for you to go and update things like your passwords or failed payments. And the people who are trying to scam you can actually get your passwords and your credit card information from thes links. So never click on these links that come in emails. You'll sometimes notice that the emails are very, very similar to companies. For example, if you use PayPal, the email may look like it is coming from PayPal, so I will always just go and log into my account wherever it is and check to make sure that everything is as it should be. I will never click on one of those things, because that is how people can steal your passwords and credit card information. another one is calls to your place of business. So if you have a physical business location, they will actually call your office trying to get your email with the purpose of hopefully sending you the email Phishing scams. So some people make their email public anyways, so maybe you don't mind giving out your email information. But if somebody calls your office and they just want your email and they don't explain why , I'll be really hesitant to give that information out. So if you have employees that work for you, make sure you let the no, especially if they are employees that are answering the phone for you. Make sure and let them know it, whether or not you want them to give out the email information for the business. And you know, it might be perfectly fine, especially if you are aware of the email scams. And it's just a matter of deleting those emails or even setting up a folder so they get sent directly to a junk mail folder rather than being in with the main contacts that are from people who are actually wanting to do business with you. False orders of supply so This is where somebody will call you and say, Oh, I noticed that your toner is running low and it's time for you to reorder. They actually have no idea what is going on with your printer. And they're just hoping that you will give them your credit card information so that they can then use it for themselves. You will never receive the supplies. Ah, but this is one very common scam that people are trying to pull on businesses. Fake invoices is another one. You might get an invoice for something that you never received from a company that you never heard of before. So make sure you always check over your invoices and this could be coming by way of email. It could be coming in the regular postal system. So make sure you check things over very carefully before you pay anything to make sure that is a legitimate amount that you owe on your business now, insurance fraud. So this is where people will come to your place of business, and this is whether or not you have a home based office or you have an external office location and they will try Teoh. Um say that they fell during your at your place of business may be that the sidewalk was icy or something like that, and they are actually trying to get a big insurance claim. Eso You always want to make sure that whether you are home based or you have an external office, that you have the proper insurance to cover things like that. Um, if people are, you know, coming to your office. Especially, maybe you have the kind of business where you don't actually have clients or customers coming to your place of business, and that's totally fine. It's always a good idea, though, to check that your business insurance covers everything that you need it Teoh. So it's always a good idea to go over it with your insurance agent. And they were. They might ask you questions that will trigger that you need something else, some other sort of protection for your business insurance. So theft by employees. Unfortunately, this is pretty common as well, so obviously, if you don't have employees, you don't have to worry about this. But if you do have employees, one of the most common scams that employees I will do is just stealing inventory. So maybe they're working a shift by themselves. Or maybe they're really good at being sneaky. And they just put, um, inventory or supplies into their backpack, and they take it home with them. So you always want to be keeping an eye on your inventory if you do carry inventory or if you have extra supplies around, making sure that something doesn't seem out of the ordinary to you that all of a sudden a whole bunch of supplies are missing when you just received an order Malware and ransomware , this is where somebody will. They can do this through an email phishing scam so it does work by clicking on a link, and essentially they're holding your computer hostage. So what will happen is you'll get a screen will pop up, and it will just say it will give you a message like you need to this password to unlock the screen so you can use your computer again, and you have to pay a certain amount in order for that to happen. So one way to avoid this is, of course, not clicking on any links that you received through email, but another way that people can install malware or ransomware on your computer is actually by calling your office and saying that they are with Microsoft. So this is one really common one, so they'll say we're with Microsoft. We noticed there's something wrong with your computer. Could you please log in and give us? You know, they'll ask for certain information so that they can get access to the to your computer, and then they will put the malware or ransomware on your computer. So this is another instance where you do not want to trust people that are just calling you up or emailing you and saying that they are someone from Microsoft. You have no way of knowing that you could just hang up and call your local I t professional . Or maybe you have an in house I t professional that you use, and you can ask them. So even if the person that is calling says that they noticed you have a virus on your computer or something like that, just hang up and ask your i t. Professional because you want to make sure that you have somebody that you trust it's looking at after your computer not some random person that has phoned you up. Another thing. Eso actually before I continuing with that. The difference between malware and ransomware is that malware We'll leave viruses on your computer and potentially ruin programs and files that you have on your computer. And Ransomware is where you actually have to pay to get a code to unlock your computer. So that's the difference between those two. Okay, so going back to the example of somebody that is saying that they're calling from Microsoft , Microsoft is not normally going to call you, so the chances are that they are not who they say they are. So you know, you could just hang up on them to avoid that scam. Okay, so awards is another common scam. People will call up your place of business saying that you have won an award. But in order to be recognized for this award, they need certain pieces of information like your email address, your mailing address, your phone number and potentially even They might ask for a credit card numbers so they may ask you to pay for the award or to pay for tickets to the recognition banquet or something like that. So always check and make sure that it is legitimate. Most awards that you win as part of your business. You will not have to pay for so whatever the situation never assumed that the person is who they say they are. You always want to do your own investigating to make sure that it is legitimate. Regardless of the scam. I have included some links where you can go to find out more information about common scams , as well as how to report them and how to prevent them. But the number one thing is just being extra careful. It may seem silly to you to not give information out over the phone or through email, but it is very important if you want to protect your private information, both your personal information as well as your business information. So up next, I'm going to be talking about email safety and the best way to protect your information. When it comes to email 4. Email Safety: Okay, so let's talk about email safety here. Now, people often feel like email is safe because you have your own personal address. You have your own password. But the truth of the matter is that email is not a safe as you think it is. So I've included a paper airplane on this slide because email would be similar to writing a message on a paper airplane and sending it off. Anyone who happens to come across that paper airplane can read your message. So when I was working as an accountant, I attended a seminar where they told us that email is similar to sending a postcard in the mail. So anyone who knows what they're doing can easily read your message. So with a postcard, all you have to do is flip it over and there is your message. So you really want to be careful what you are sending through email because it is extremely easy to access. So never send any personal information through email, and something that makes this really difficult is people will often ask you to do that. So, for example, I, um, was working a new job. This is about a year ago, and they asked for me to send them my social insurance number and fill out my employees forms and email them back to them. Well, after hearing all this information about email safety, there was no way I was going to send them my personal information through email. And I was actually shocked that they would ask me to do this because this was a well known ah large employer, and they really should not be expecting their employees to send a personal information through email. So keep this in mind for your own business. Whether you are dealing with other people who are asking you to send personal information through email or whether you are asking your employees to email you personal information, be extremely careful what goes through email so you should not be sending any personal information through emails. A better way to do it would be to use a fax machine, use a secure portal so most accountants now, if they are going to be paperless, they will set up a secure portal for you to send them your financial information so you will have your own log in and the portal is completely safe. Nobody else can access your information. You can also use encrypted emails, so this is a special type of email that you can get. You could. Also, if you wanted to send a password protected document, you could do that. But then you also have to find a way to give the person on the other end of the email your password, so I wouldn't. I totally recommend that way as being safe, because somebody could still find your password protected document and your password, especially if you send it in the same email. And it might be easy enough for them to access to your information that way. But you could. As an alternative, you could password protect your document and then potentially phone the person and give them the password access. But then you also have no way of knowing what they're doing with your password at the other end. So my best recommendation is to use fax, secure portal or encrypted email instead. So I have had experience with financial planners that actually use encrypted email. It's very clear that you're using encrypted email like it's very different than regular email. You have to usually log into their system. And then you access your information securely that way. So it's very similar to a secure portal and that everyone has their own password. Um, and they have to use passwords to gain access to the information. So if you don't remember anything from this class, I hope that you will remember not to send personal information through email. That is a huge no, no. And one thing to keep in mind is that when you're dealing with the government, they often will not send emails. So you are not expected to send tax information through email to the government because as another very common scam. So watch out for that as well. And up next, I'm gonna be talking about passwords and the best types of passwords to use to protect your information. 5. Passwords: All right, So here's what you need to know about setting up the best passwords to secure your information. And this could be for anything from a password on your phone, a password on your laptop to document passwords and passwords to accessing websites. So here's some best practices for you. Try to use a freeze rather than a single word because of phrases a lot harder for somebody to hack than a simple, single word and what I like to do, as well as combined my phrases with symbols so that it's not just a a straight phrase, but it also has exclamation marks and numbers and dollar signs and saying things like that that makes it that much more difficult to guess. A swell so that will be including symbols and numbers in your phrases. You can even include spaces because I will make it difficult. Not all um, systems will accept a space as part of a password, but many do so you could also incorporate that, and you want to try and create a different password for everything that you're logging into . And I know that can be a little bit crazy, considering all the different websites that we log into. But it is important if you want to protect your personal information because what people will often do if they discover a password for one of your accounts, they're going to try it on all your other accounts as well. So if somebody happens to hack into your computer and they discover one of your passwords, they're going to try that for all of your accounts. So try to have a different for every account and don't link your accounts. So linking your account is where you can use a password from, say, for example, Facebook toe access. A different website. Do not do that because that again makes it a lot easier for somebody to access your information. So when you go to a site in it says, you know you click here to use Facebook to ask access this website. Don't do that. Always set up a fresh account for the site that you're going to, because then it just adds another layer of protection. For your information. Now, don't keep a list of all your passwords. I know it's really difficult to keep track of everything, but there are better ways to do it than, for example, keeping a spreadsheet on your computer. Because if somebody happens to hack into your computer and they see a spreadsheet that says passwords, of course, that's the first thing they're gonna look for, and then they will have all of your passwords easily right there. You could create a password protected spreadsheet as long as you have a really good password so that they cannot Hackett and then get access to all your passwords. But there are actually better ways to protect your password. So there are programs like Last Pass where you can store your password in the program, and then you actually log in using that that program instead of going into each individual website and trying to remember the password that you set up for that website. Um, and then another one is called One passed so or one password. I can't remember the exact name of it, but there are legitimate programs that will keep track of your passwords and protect your information. But again, you just want to make sure that you know people that have used the program and that it is legitimate because, of course, people who are going to be trying to get your personal information. They will be coming up with unique ways to do it all the time. And it wouldn't put it past them to try creating a site to protect your password just to get access to your passwords. So be very careful as to which site you're going to use. So that is a password management program, last pass or one password, and they could be very effective and make it really easy for you to keep track of everything in a protected away. 6. Privacy Policies: Okay, so let's talk about privacy policies, what they are and why you need one. Okay, so you need a privacy policy when you are dealing with other people's private information. So if you are a lawyer or an accountant, for example, you will definitely need to have a very detailed privacy policy that explained what you are going to be doing with your clients information and how you are going to be protecting it, because people I need to know that their information is going to be safe when it's in your hands. So, um, for most professions that require privacy policies, you can find templates and then make it your own. So, for example, one way to protect clients private information is to keep a backup that you then take off site. So if you have an external office, you're going to back up that information and then take it home with you at night. Um, you're going to have passwords protecting everything so that hackers can't get into your server and accessed your client's information that way. So you would want toe specifically say, in your privacy policy, how you are protecting people's information and what you are doing with that information. If you're keeping client credit card information on file or any other personal information of your clients on file again, you would want to have a privacy policy describing how you're protecting that information and what you will be doing with it. So in the case of retaining a credit card information, you want to specifically say when it is that you're going to be charging that card and what permissions you require from your client or customer. Now, if you have a website and you collect any information from your website viewers, you also wanna have a privacy policy. So this is even just simply collecting their email. You need to have a privacy policy on your website, and again the privacy policy is gonna outline what you're doing with their information. So what are you going to use their email for, and how will you be protecting it from other people being able to access it? So this is really important. Almost all websites need to have a privacy policy, and if you go to a website, look near the bottom, you'll be able to see it's usually in the photo of the website. You'll see where it says privacy policy. You can click on there and see the kinds of wordings that people are using in their privacy policy. It's also usually available as a template if you search online as well. And if you're worried about it, then certainly talk to a lawyer and make sure that you have anything that you need to have in it. Um, is accurate. Okay, so what is the privacy policy? So it's notice flying your clients or website users what information you collect so already touched on this a bit. So what is it that you are going to be gathering? So if it's your website and you just want email sign offs so you can use people's email to send them a newsletter, then you can just say that you are collecting their name and email information. You're going to explain what you're using that information for. So basically why you are collecting their private information, what you are going to do with it, so that anyone that does sign up through your website, it's very clear to them what you're doing with their information. And if you ever have people complaining about how using their personal information. You can direct them then to your privacy policy as well. And it tells people how you're being responsible for the private information. So again, how you're going to protect their personal information that you have collected. It's very important. People want to know that you are protecting their information. Some people will just give up their email, you know, as easily as giving out their phone number. But other people want to know why you want the email and what you're going to do with it. I mean, most people that sign up on an email list thing know that that's why you're collecting their email, but is still a good idea toe have the privacy policy a policy in place in case you get people who are going to complain about it. Okay, so up next I'm going to be talking about disaster management plans and why you need one and what they are 7. Disaster Management Plan: all right, so disaster management plans. I apologize if this seems a little bit serious and scary, but it's an important thing to think about when it comes to your business. So a disaster management plan is basically thinking about everything that is important to your business and what would happen in an emergency situation or a disaster. So if there was a fire or a flood that wiped of your business, how could you get it back up and running as quickly as possible? And how could you avoid as much damage as possible? So the disaster management plan really gets you thinking about all these things. It helps you to develop systems and automation Z so that you can easily get back up and running again if something like this were to happen to you. So an emergency could also be something like having a hacker, um, take over your computer and having to deal with something like that. So do you have proper systems in place that would help you to do that? Another really good practice. When it comes to disaster management is creating offsite and redundant backups. So these are two different things. An offsite backup is what I mentioned earlier in the class where you have a backup of all your files or your server, whatever it is that you're using in your business, and then you take it home with you. So if you have an external office, you have a separate backup that you take home with you. So if something were to happen to your office, you still have the backup at home that you can use if anything were to happen with your computer at your office, a redundant backup is essentially a backup of your backup. So you always want to have at least two backups of your information so that if a file is corrupted and one backup chances are, the other backup is going to be fine. So what I do is I have. It's called a click free backup. So it is a external hard drive that automatically takes a back up every day at the same time. And then I also use back up in the cloud. So I use Google Drive in the cloud to do a secondary backup so that if anything were to happen with my click three backup drive, I could then go into Google Drive and look up the information that I'm looking for. So the best way to start thinking about a disaster management plan is to imagine what would happen in a worst case scenario for your business. So if your business was completely wiped out, how would you go about getting back up and running again? And what do you need to have in place to do that? And then you can start taking those steps to actually set that up so that you have a less worry when it comes Teoh having an emergency or a disaster with your business. 8. Your Project: Okay, so your class project is to work through your disaster management plan. So you will find a link to a Google doc that has several questions on it, and I'm going Teoh ask you the questions here as well. But the way you start thinking about disaster management is to work backwards. So pretend like the absolute worst thing has happened in your business and start figuring out how you would start rebuilding that, because that's going to allow you to put steps in place to potentially have away those things happening and save yourself a lot of time if an emergency does happen. So with the disaster management plan, you are planning for the worst, and you're trying to think of every possible bad thing that could happen in your business so that you can put systems and plays to potentially avoid that, or to take a less time in setting yourself back up again after a disaster. So you want to make sure that all the basics are covered as well, so that's like your backups having the proper insurance, all those kinds of things you want to make sure you have those as well, and the Google document goes through all those things that you need to think about. So these are the questions that you will find in the Google document, and there's additional information in there to help you think about each step. Of course, if you have any questions, make sure that you post them below. But the first thing you're going to think about if a disaster were to strike, you want to think about what you're mean source of income is because that's the one you want to focus on, getting back up and running as soon as possible. Then you want to think about what tools so software and other things that you need to earn this income. So maybe you have certain files that you need to use certain programs that are downloaded and not just APS that use online. So make a list of all those things that you need to earn that income and think about what you would need to do to get those back in place. If something were to happen to your business, then do you have more than one way to collect payments from customers? So if you are using a point of sale machine, for example, and there was maybe a fire nearby that didn't wipe out your business. But say it wiped out the signal that you did needed to use the point of sale machine. Do you have a manual way of taking payments, or is there another payment away, a method of payment that you could use online but also think about that. If it wiped out your point of sale machine, there's a good chance may have wiped out Internet service as well. So you might wanna have a secondary method to collect payments from customers. What is covered in your insurance plan? So it's really important to talk to your insurance adviser and see what kind of business insurance you have. And if there's anything that is lacking, so a good business insurance advisor will know all the questions to ask to make sure that you have all the coverage that you need now, they may also try to sell you extra things, but that's going to be up to you to decide if you need all those things. And what are the most important types of coverage for you? For example, I mentioned earlier in the class about how some people will try to scam you by going through insurance to make a claim if they happen to fall in your place of business. So you want to make sure that your business will be covered for that. If something like that did happen, do you have a backup computer? So I mentioned before about taking backups of files and programs, but you also want to consider a backup method of actually doing your work. So say, for example, if you have an external office and you have a computer there that you use for all your work , if something were to happen like a fire and that computer was destroyed, do you have another computer at home that you could use? In the meantime, if you weren't able to access that computer at the office, what is your privacy policies? So we discussed privacy policies and why they are important, so you want to take a good look at that and make sure that you have all the steps covered. So maybe take a look at some templates that you can find online, or, if you know somebody in a similar industry to what your business is, and you can ask him if you could see their privacy policy. Or maybe you can find it by going to their website and clicking on it that way. But you want to make sure that you are covered in terms of explaining how you are using people's private information in your business. And then you want to make sure that you can access your backups in the case of an emergency . So if you're using a, um, backup system in the cloud, you want to make sure that it's easily accessible. Maybe you can access it from multiple devices, so that makes it that much easier to access. If you're using ah, backup drive, you want to make sure that you are able to plug that in and easily use it if you have to use a different computer system, for example, all right, so take a crack at answering these questions in the Google doc, you just want to make sure that you make a copy of my Google doc first, and then you'll be able to type right in document. And if you have any questions while you're working through that, make sure you post them below, and I will be happy to help you out 9. Thank You: Thank you so much for joining me in this free skill share class. Protect your business. Looking at identity theft and disaster management. If you enjoyed the class, please follow me on skill share and check out the other classes. I have many classes, own accounting and bookkeeping, and I'm always open to ideas. So feel free to post a message in any of the discussions for the classes. Thank you again and enjoy.